We are looking for an IP Services Engineer that will be responsible for the design, configuration and administration of firewalls and load-balancers throughout the enterprise. The successful candidate will be proficient in the conceptual and strategic operation of security and load-balancing components including hands-on configuration of firewalls in routed and transparent modes; transparent proxies in relation to their firewall policies; and load-balancers in local and global configurations. This position requires an elevated attention to detail, process, and discipline within a production financial environment. Responsibilities:
Implements and maintains firewall policies, including IPS and transparent proxy profiles, to supplement new technologies and project initiatives in conjunction with the Server, Development and Information Security teams.
Implements and maintains load-balancers and their associated algorithms within and across a multi-datacenter infrastructure, to supplement application growth and redundancy in conjunction with the Server and Development teams.
Compose and maintain firewall policies, including IPS and proxy profiles, through strong analytical, communication and problem-solving skills.
Defines firewall objects, group objects and rules in a structured and efficient manner.
Composes connectivity designs to satisfy project /task requirements utilizing proven, best-practice technologies and solutions.
Performs implementation and troubleshooting of the security architecture to address identified deficiencies and enhance the company's strategic direction.
Responds to issue escalations and service interruptions as a confident technical team-member.
Completes tasks in accordance to best practices and in compliance with security and corporate guidelines.
Ensures responsibilities are carried out accurately and in a timely basis.
Manages multiple priorities effectively.
Prepares technical subject matter presentations suitable for management.
Maintains effective relationships with vendors, consultants and coworkers.
Evaluates emerging technologies and product platforms with regards to business drivers, infrastructure performance and scalability assessments.
Strong understanding of proxies and their foundation technologies including SSL Inspection, Web Filtering and Application Control, at an advanced level.
SSL/TLS security including certificate inspection, deep packet inspection and certificate management.
Strong understanding of firewall logic including Network / Port Address Translations (NAT / PAT); Site-to-Site VPNs and remote-access VPNs.
Layer 2 and Layer 3 networking design and implementation.
Thorough knowledge of TCP/IP addressing and sub-netting.
Packet capture and analysis
Exceptional technical documentation skills
Excellent communication and interpersonal skills.
Experience with current best practices in IT standards, principles, and security practices.
After-hours (evenings and weekends) work will be required, as needed
Hands-on experience with the following platforms/feature-sets:
FortiNet, and Cisco firewall platforms within the GUI and CLI levels.
F5 Local and Global Traffic Managers, including iRules configurations.
Basic understanding of layer 3 protocols, such as HSRP, ARP, EIGRP, OSPF, and BGP.
Basic comprehension of layer 2 technologies including (Rapid) Spanning Tree Protocol and LACP.
Logging aggregation and reporting via SNMP and SYSLOG.
Bachelors degree in Computer Science, Information Systems, or related technical studies.